So, someone changed the AD Group names, which wouldn't be a problem if SharePoint would just get this change on it's on.
But no, I had to write a script to get the changed AD Names. Thankfully I only need to change the display name.
The login name is a GUID which will stay the same even after the AD Group name changed.
In my case I don't have any users which have "s-" in the loginname. If you have, you might want to adjust this part:
if($login.ToString().Contains("s-"))